Data extortion

Page 1

FORESEC

WHAT IS IT ?

RANSOMWARE

15%

25%

VICTIMISED COUNTRIES TOP 5

SEX RANSOM

1000> cases

25%

921 cases

BANKING FRAUD

500 cases

SINGAPORE INDONESIA

5%

MALAYSIA

VENDETTA

However, identification and arrest of cyberextortionists are low because they usually operate from countries other than those of their victims and use anonymous accounts and fake e-mail addresses.

30%

A website, email server or computer system may be subjected to repeated denial of service by malicious attackers, who demand money in return for promising to stop the attacks. In recent years, cybercriminals have developed ransomware that can be used to encrypt the victim’s data. The attacker then demands money for the decryption key. Since majority of business enterprises are using Internet for their business, opportunities for cyberextortionists have exploded.

INCIDENTS 2014

PHISHING

Cyberextortion is a form of online crime which occurs when a person uses the Internet to demand money or other goods or behavior (such as sex), from another person by threatening to inflict harm to his person, his reputation, or his property. There are various forms of cyberextortion. Originally, denial of service (DoS) attacks were the most common method used by cyberextortionists.

TYPES OF

AUSTRALIA NEW ZEALAND 800 cases

850 cases SOURCE : INDIPENDANT SURVEY ON SECURITY INCIDNETS FROM CERT ASIA AND USA FOR ASIA PACIFIC REGION

DAMAGES BY

INDUSTRIES RETAIL AND WHOLESALE INDUSTRIES

Immediately after a breach it will be necessary to carry out forensic analysis and investigations to identify and contain the breach. It may also be necessary to undertake an official forensic audit by approved auditors of the relevant data protection authority.

HOTEL & SERVICE INDUSTRIES

FORENSIC COST

AIRLINE & AVIATION INDUSTRIES

Increasing data protection legislation, the growth of the underground digital economy and new technology such as cloud computing and social media has seen the number of data breaches significantly increase year on year. Some of the largest breaches that have occurred have cost companies upwards of GBP 100m. Costs as a result of a data breach can include:

CORPORATE EMPLOYEES & IMPORTANT INDIVIDUALS

By far, the most well known Cyber risk and the most common cause of Cyber risk claims notified to Willis’ FINEX Global practice group and the insurance market presently is a privacy/data breach. How the breach occurs can come in a variety of ways – from hacking to lost laptops. Common to all breaches is the significant quantum of the costs suffered by the breached company to deal with the data theft/loss.

FINANCIAL AND BANKING SECTORS

THE DATA BREACH PHENOMENON

NOTIFICATION In the event there is a data breach customers affected by the breach will need to be notified. This is mandatory in the US, Spain, Germany, Austria and Norway however it is considered good practice by the Information Commissioner’s Office (ICO) here in the UK. Notifying customers will also ensure that consumer churn is kept to aaminimum. FINES AND PENALTIES Regulatory fines and penalties plus Payment Card Industry (PCI) fines where credit card information is involved.

FORESEC

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.